Why Vulnerability Research Matters
Quote:
reporting ????
well if the original devs are helpful and cooperating with the security researchers then it should not be disclosed BUT if the original devs are NOT helpful and are NOT cooperating with the security researchers (stonewalling and blowing off the researchers) then YES report it to the world
From the article:
Quote:
This 'attitude' sounds an awful lot like security through obscurity to me and we all know how well that works. {edit} I read a comment about how commercial software vendors have a monetary interest in not releasing information regarding discovered vulnerabilities. Doing so could cause potential customers to question whether or not to purchase, patches and upgrades must be sent via distribution channels, etc. I know that I have seen this where I have worked. As a former boss once put it, "I can't lie about the defects that they know about, but I am under no obligation to disclose information about those that they don't". The claim was that the tendency to try and restrict this information in the hopes that nobody notices is a lot of the reason that the researchers started making this information known.